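<?php
/*
 * Login handler: checks the POSTed username/password against the user table,
 * fills the session on success and sends the browser to the next page through
 * a small inline script.
 *
 * All session work happens before any markup is emitted, because session_start()
 * and session_regenerate_id() need to send headers.
 *
 * Security notes for maintainers:
 *  - Passwords are compared as unsalted MD5 digests because that is what the
 *    table stores. MD5 is not suitable for password storage; plan a migration
 *    to password_hash()/password_verify() with re-hashing at next login.
 *  - The three failure messages differ (unknown user / wrong password / no
 *    login permission), which lets a client tell valid account names from
 *    invalid ones. They are kept unchanged here; consider one generic message.
 *  - No attempt limiting or lockout is visible in this file.
 *  - The mysql_* API was removed in PHP 7 and has no prepared statements. The
 *    query below contains no request data; keep it that way until the
 *    connection (presumably opened in ../config.php) moves to mysqli or PDO.
 */
session_start();

include_once ("../config.php");

// Default outcome: unknown user. Also used when the name is malformed or the
// query returns no usable rows.
$alert  = '用户名不存在！';
$target = '/login';

// Accept only scalar string fields; a missing or array-valued field becomes ''.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$userpass = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? $_POST['userpass'] : '';
$userpass = md5($userpass);

// Reject names with special characters before touching the database.
// The D modifier stops "$" from also matching before a trailing newline.
if (preg_match('/^[0-9a-zA-Z]{3,12}$/D', $username)) {

    // $table_Prefix is expected to be defined by ../config.php.
    $table  = $table_Prefix . "user";
    $result = mysql_query("select * from $table");

    // Walk the rows directly instead of counting them with a second query.
    // A failed query ($result === false) leaves the "unknown user" default.
    while ($result && ($row = mysql_fetch_array($result))) {

        // Strict string comparison: with "==" two numeric-looking strings are
        // compared as numbers, so "007" would match an account named "7".
        if ((string) $row['mid'] !== $username) {
            continue;
        }

        if ((string) $row['authority'] !== "是") {
            // Account exists but is not allowed to log in.
            $alert  = '没有登录权限！';
            $target = '/login/';
            break;
        }

        // Compare digests without numeric juggling ("0e..." strings are equal
        // under "=="), in constant time where hash_equals() is available.
        $stored  = (string) $row['password'];
        $matches = function_exists('hash_equals')
            ? hash_equals($stored, $userpass)
            : ($stored === $userpass);

        if (!$matches) {
            $alert  = '密码错误！';
            $target = '/login/';
            break;
        }

        // Issue a fresh session id on login so an id known before
        // authentication cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        $_SESSION['username']     = $row['name'];
        $_SESSION['department']   = $row['department'];
        $_SESSION['departmentid'] = $row['departmentid'];
        $_SESSION['mid']          = $row['mid'];
        $_SESSION['nid']          = $row['nid'];
        $_SESSION['quanxian']     = $row['quanxian'];
        $_SESSION['position']     = $row['position'];

        // Privileged roles go to the back office, everyone else to ordering.
        // The original emitted both redirects for privileged users, so the
        // page they ended up on depended on the browser; exactly one is sent now.
        $alert  = null;
        $target = in_array($row['quanxian'], array("caiwu", "chufang", "admin"), true)
            ? '../controlbase/'
            : '/front/m2/order-list.php';
        break;
    }
}
?>
<!DOCTYPE html>
<html lang="zh-Hans">
<head>
<meta charset="utf-8">
<title>系统载入中</title>
</head>
<body>
<p>系统载入中，请稍等...</p>
<script>
<?php
// json_encode() produces valid JavaScript string literals and escapes "/" so
// the value cannot close the script element.
if ($alert !== null) {
    echo "alert(" . json_encode($alert) . ");\n";
}
echo "location = " . json_encode($target) . ";\n";
?>
</script>
</body>
</html>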